ZeroTier One for container-oriented distributions like CoreOS (but will run anywhere with Docker)

Full Description

This is a container with a lightweight Alpine Linux image and a copy of ZeroTier One built for that image. (We are working on Alpine packages but that is another matter.) It's designed to allow you to run ZeroTier One as a service on container-oriented distributions like CoreOS, though it should work on any Linux system with Docker.

To run this container in the correct way requires some special options to give it special permissions and allow it to persist its files. Here's an example (tested on CoreOS):

This runs zerotier/zerotier-containerized in a container with special network admin permissions and with access to the host's network stack (no network isolation) and /dev/net/tun to create tun/tap devices. This will allow it to create zt# interfaces on the host the way a copy of ZeroTier One running on the host would normally be able to.

In other words that basically does the same thing that running zerotier-one directly on the host would do, except it runs in a container. Since CoreOS has no package management this is the preferred way of distributing software for it.

It also mounts /var/lib/zerotier-one to /var/lib/zerotier-one inside the container, allowing your service container to persist its state across restarts of the container itself. If you don't do this it'll generate a new identity every time. You can put the actual data somewhere other than /var/lib/zerotier-one if you want.

Once the container is running you can control it like this:

docker exec zerotier-one /zerotier-cli join 8056c2e21c000001

That will join our public test network. Wait about 30-60 seconds and then try typing ip addr list or ifconfig on the actual host. You should see a zt0 interface with an IP address. Now try pinging earth.zerotier.net. If it works your host is now connected.

You can run one of these containers per Docker host to provide Docker backplane network connectivity under CoreOS or any other Linux host that can run Docker. You can then follow our 6PLANE instructions if you want to use our Docker-oriented IPv6 addressing scheme to assign addresses to containers, or you can do anything else you want. Obviously running more than one of these per Docker host is a bad idea and will have confusing results.

We realize this is not the full story in terms of CoreOS integration. We're still working on that. Obviously things like etcd present fascinating possibilities!